Filtered by vendor Caddyserver
Subscribe
Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50463 | 1 Caddyserver | 1 Caddy | 2023-12-13 | N/A | 6.5 MEDIUM |
| The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions). | |||||
| CVE-2022-29718 | 1 Caddyserver | 1 Caddy | 2022-06-12 | 5.8 MEDIUM | 6.1 MEDIUM |
| Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. | |||||